Thursday, May 20, 2010

Rate Limiting by mod_limitipconn

If you have a relatively busy web site, with lot of juicy information spiders are good fast enough to crawl through your site which sometimes become annoying. Currently there is none in place to stop them on the fly, unless you explicitly looks at the log files and do something.

That’s pretty fair until and unless, you are crawled to death. Hence came the Rate Limiting concept via some means whether tweaking your iptables rule or some other means. We are going discuss mod_limitipconn and how to implement it in order to limit the number of connections per IP on our server. This can be a very useful tool, as it could help in lowering the load on your server due to someone connecting too many times from the same IP.

Cd /usr/local/src/

wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2

tar -xjvf mod_limitipconn-0.23.tar.bz2

cd mod_limitipconn-0.23

/usr/local/apache/bin/apxs -i -a -c mod_limitipconn.c

Edit httpd.conf

LoadModule limitipconn_module /usr/local/apache2/modules/mod_limitipconn.so

When this file is still open, lets add in the following lines to the bottom of the file:

ExtendedStatus On

< IfModule mod_limitipconn.c >

MaxConnPerIP 10

NoIPLimit image/*

NoIPLimit image*/*

< /IfModule >

Note: exempting images from the connection limit as your web page might have lots of inline images

Finally Restart Apache.

It is highly recommended that you go through the README file that came with the source, and then keeping a sharp eye on what your webserver does, to see what you need to tweak in the defaults.


Please Note that, This module will not function unless mod_status is loaded and the “ExtendedStatus On” directive is set. Connections in excess of the limit result in a stock 503 Service temporary unavailable response, which can be make more meaningful.

I had sucessfully implemented this with my Prefork MPM apache cluster but i heard people saying that it has some issue while implementing along with mod_cache, do pitch in with your experince on this so that we can discuss further.

The Only disadvantage i have seen with mod_limitconn is that the limits defined by mod_limitipconn.c apply to all IP addresses connecting to your Apache server. Currently there is no way to set different limits for different IP addresses.

Cheers!
DEBU

No comments:

Post a Comment

'Optimism Bias' leads to poor decision making!

Effective Time-management and Time-boxing is a concern for 'always ready people'.  Being from a background that I am from,  I am...